These changes include an additional bonus of US$1000 for bugs found to be "particularly exploitable", for bugs found within Chromium's stable code base, which are considered to be harder to find, or for serious bugs that affect more than just Chromium itself.

The changes to the bug bounty program have been put into immediate effect, but Google has also paid the additional bonuses retroactively to recent bug reporters, where they were eligible.

The web giant will also continue to provide additional rewards for bugs that are particularly significant. It recently paid US$10,000 to three separate individuals, who discovered bugs to which Google assigned a security severity rating of "OMGOMGOMG". Google jokingly assigned these bugs the Common Vulnerabilities and Exposures identifiers CVE-1337-d00d1, CVE-1337-d00d2 and CVE-1337-d00d3.

Evans also included a few more details of the bug bounty program that he felt many weren't taking advantage of. This includes an additional bonus of US$500 to US$1000 if a bug reporter takes the time to join the Chromium community and provide a peer-reviewed patch.

Although the figures on Google's Security Hall of Fame amount to just under half of the claimed US$1 million figure, they may not reflect the most current rewards or charitable donations. In some cases, security researchers have opted to donate their reward to a charity. When this occurs, Google has often increased the reward amount, sometimes doubling it, as was the case when one particular researcher donated his reward to a school project in Ethiopia.